FortiADC
JordAnge
Staff
Article Id 340864
Description This article describes scanning tools reporting the CVE-2006-0987 and CVE-1999-0024 vulnerabilities on FortiADC.
Scope FortiADC.
Solution

Scanning tools have detected the following vulnerabilities:

 


[Screenshots of the scanner findings: CVE-2006-0987---00.png, CVE-2006-0987---01.png]

 

This behavior can be fixed by disabling the recursion feature in 'global-dns-server general' or 'global-dns-server policy'.


config global-dns-server general
    set recursion-status disable
    set listen-on-all-interface enable
end

config global-dns-server policy
    edit "DEFAULT_DNS_POLICY"
        set source-address any
        set destination-address any
        set zone-list fqdn_generate_domain.lab. fqdn_generate_fortinet-tac.lab. .......
        set recursion-status disable
    next
end

 

Apply the DNS-Server-Policy to each Zone:

PSIRT Note: Vulnerability Scanner false positive FortiOS ISC BIND DNS vulnerabilities false alarm
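
To confirm the change before re-running the scanner, the listener can be queried for a name outside its zone-list and the response header inspected for the RA (recursion available) bit. The following Python check is an added example, not Fortinet code; it assumes a server with recursion disabled clears RA and refuses such names, and the test name example.com and the sample packets are constructed.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """DNS A/IN query with RD=1, as a stub resolver or scanner would send."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(resp):
    """Extract the RFC 1035 header fields used by the recursion check."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "ancount": an}

def recursion_open(query, resp):
    """True if resp shows the server still recursing for this client."""
    h = parse_header(resp)
    if not h["qr"] or h["txid"] != struct.unpack("!H", query[:2])[0]:
        raise ValueError("not a response to this query")
    # Finding: RA advertised, or an answer for a name outside the hosted zones.
    return h["ra"] or (h["rcode"] == 0 and h["ancount"] > 0)

def check_server(ip, name="example.com", timeout=3.0):
    """Query a listener you administer; name must NOT be in its zone-list."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (ip, 53))
        resp, _ = s.recvfrom(4096)
    return recursion_open(query, resp)

# Constructed sample packets (not captured from a device); header-only checks.
SAMPLE_QUERY = build_query("example.com")
# QR=1 RD=1 RA=0 RCODE=5 (REFUSED): assumed reply once recursion is disabled.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
# QR=1 RD=1 RA=1 RCODE=0 with ANCOUNT=1: server recursed for the client.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + SAMPLE_QUERY[12:]

if __name__ == "__main__":
    print("refused ->", recursion_open(SAMPLE_QUERY, SAMPLE_REFUSED))
    print("open    ->", recursion_open(SAMPLE_QUERY, SAMPLE_OPEN))
```

check_server() returning False for each listening interface address indicates that recursion is no longer offered on that address.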
